365bet体育在线网投iOS与Java的LANDSA加密解密

javax.crypto.BadPaddingException: Invalid pad value!
at sun.security.pkcs11.P11Cipher$PKCS5Padding.unpad(P11Cipher.java:106)[sunpkcs11.jar:1.7.0_45]
at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:802)[sunpkcs11.jar:1.7.0_45]
at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:542)[sunpkcs11.jar:1.7.0_45]
at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:525)[sunpkcs11.jar:1.7.0_45]
at javax.crypto.Cipher.doFinal(Cipher.java:1922)[:1.7.0_45]
at com.idcq.appserver.utils.AESUtil.aesDecryptByBytes(AESUtil.java:193)[AESUtil.class:]
at com.idcq.appserver.utils.AESUtil.aesDecrypt(AESUtil.java:211)[AESUtil.class:]

    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } catch (NoSuchPaddingException e) {
        throw new RuntimeException(e);
    } catch (InvalidKeyException e) {
        throw new RuntimeException(e);
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException(e);
    } catch (BadPaddingException e) {
        throw new RuntimeException(e);
    }

}
/**
 * 传入RSA密文和私钥对数据进行解密
 * <br>生成时间:2014年5月2日  下午2:37:08
 * <br>返回值:String
 * <br>@param sec
 * <br>@param privkey
 * <br>@return
 */
public static String rsaDeEncoding(String sec,PrivateKey privkey){
    try {
        Cipher cip = Cipher.getInstance("RSA");
        cip.init(cip.DECRYPT_MODE, privkey);
        byte[] by = BASE64DecoderStream.decode(sec.getBytes());
        return new String(cip.doFinal(by));

    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } catch (NoSuchPaddingException e) {
        throw new RuntimeException(e);
    } catch (InvalidKeyException e) {
        throw new RuntimeException(e);
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException(e);
    } catch (BadPaddingException e) {
        throw new RuntimeException(e);
    }

}

/**
 * 传入字符串、密钥,并加密字符串(对称加密加密),支持:DES、AES、DESede(3DES)
 * <br>生成时间:2014年5月2日  下午12:05:44
 * <br>返回值:String 密文
 * <br>@param src
 * <br>@param key
 * <br>@param method(DES、AES、DESede)
 * <br>@return
 */
//对称加密加密
public static String doubKeyEncoding(String src,String keysrc,String method) {
    SecretKey key;
    try {
        //生成密钥
        KeyGenerator kg =  KeyGenerator.getInstance(method);
        //初始化此密钥生成器。
        kg.init(new SecureRandom(keysrc.getBytes("utf-8")));
        key = kg.generateKey();

        //加密
        Cipher ciph =  Cipher.getInstance(method);
        ciph.init(Cipher.ENCRYPT_MODE, key);
        ciph.update(src.getBytes("utf-8"));
        //使用64进行编码,一避免出现丢数据情景
        byte[] by = BASE64EncoderStream.encode(ciph.doFinal());
        return new String(by);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } catch (NoSuchPaddingException e) {
        throw new RuntimeException(e);
    } catch (InvalidKeyException e) {
        throw new RuntimeException(e);
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException(e);
    } catch (BadPaddingException e) {
        throw new RuntimeException(e);
    } catch (UnsupportedEncodingException e) {
        throw new RuntimeException(e);
    }
}
/**
 * 传入字符串、密钥、加密方式,并解密字符串(对称加密解密密),支持:DES、AES、DESede(3DES)
 * <br>生成时间:2014年5月2日  下午1:12:13
 * <br>返回值:String 密钥原文
 * <br>@param sec
 * <br>@param key
 * <br>@param method(DES、AES、DESede)
 * <br>@return
 */
public static String doubKeyDencoding(String sec,String keysrc,String method) {
    SecretKey key;
    try {
        //生成密钥
        KeyGenerator kg =  KeyGenerator.getInstance(method);
        //初始化此密钥生成器。
        kg.init(new SecureRandom(keysrc.getBytes("utf-8")));
        key = kg.generateKey();
        //加密
        Cipher ciph =  Cipher.getInstance(method);
        ciph.init(ciph.DECRYPT_MODE, key);
        //使用64进行解码,一避免出现丢数据情景
        byte[] by = BASE64DecoderStream.decode(sec.getBytes());
        ciph.update(by);
        return new String(ciph.doFinal());

    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    } catch (NoSuchPaddingException e) {
        throw new RuntimeException(e);
    } catch (InvalidKeyException e) {
        throw new RuntimeException(e);
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException(e);
    } catch (BadPaddingException e) {
        throw new RuntimeException(e);
    } catch (UnsupportedEncodingException e) {
        throw new RuntimeException(e);
    }
}

/**
 * 单向信息加密(信息摘要),支持:md5、md2、SHA(SHA-1,SHA1)、SHA-256、SHA-384、SHA-512,
 * <br>生成时间:2014年5月2日  上午11:13:44
 * <br>返回值:String         加密后的密文
 * <br>@param src     传入加密字符串(明文)
 * <br>@param method  指定算法(md5、md2、SHA(SHA-1,SHA1)、SHA-256、SHA-384、SHA-512)
 * <br>@return
 */
public static String ecodingPasswd(String src,String method){

    try {
        //信息摘要算法
        MessageDigest md5 = MessageDigest.getInstance(method);
        md5.update(src.getBytes());
        byte[] encoding = md5.digest();
        //使用64进行编码,一避免出现丢数据情景
        return new String(BASE64EncoderStream.encode(encoding));
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e+"加密失败!!");
    }

}

Jmeter接口加密测试小结

     
近日,公司做接口测试,可是发送请求前须要对个别参数做加密处理。在此以前一贯没做过那种,于是在网上查了诸多资料,可是千篇一律,都以讲的把加密工具类打成jar包导入JMeter。因为作者写的工具类引入了不少第2方jar包,所以引入到JMeter里总是报错(额,具体错误没记等今后复现再贴)。

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import static java.lang.String.format;
public class Encryptor {
public static void main(String[] args) throws IOException,
NoSuchAlgorithmException, InvalidKeySpecException,
NoSuchPaddingException, InvalidKeyException, BadPaddingException,
IllegalBlockSizeException {
PrivateKey privateKey = readPrivateKey();
String message =
“AFppaFPTbmboMZD55cjCfrVaWUW7+hZkaq16Od+6fP0lwz/yC+Rshb/8cf5BpBlUao2EunchnzeKxzpiPqtCcCITKvk6HcFKZS0sN9wOhlQFYT+I4f/CZITwBVAJaldZ7mkyOiuvM+raXMwrS+7MLKgYXkd5cFPxEsTxpMSa5Nk=”;
System.out.println(format(“- decrypt rsa encrypted base64 message: %s”,
message));
// hello ~, encrypted and encoded with Base64:
byte[] data = encryptedData(message);
String text = decrypt(privateKey, data);
System.out.println(text);
}
private static String decrypt(PrivateKey privateKey, byte[] data)
throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Cipher cipher = Cipher.getInstance(“RSA/ECB/PKCS1Padding”);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptedData = cipher.doFinal(data);
return new String(decryptedData);
}
private static byte[] encryptedData(String base64Text) {
return
Base64.getDecoder().decode(base64Text.getBytes(Charset.forName(“UTF-8”)));
}
private static PrivateKey readPrivateKey() throws IOException,
NoSuchAlgorithmException, InvalidKeySpecException {
byte[] privateKeyData = Files.readAllBytes(
Paths.get(“/Users/twer/macspace/ios_workshop/Security/SecurityLogin/tools/pkcs8_private_key.pem”));
byte[] decodedKeyData = Base64.getDecoder()
.decode(new String(privateKeyData)
.replaceAll(“—–\w+ PRIVATE KEY—–“, “”)
.replace(“\n”, “”)
.getBytes());
return KeyFactory.getInstance(“RSA”).generatePrivate(new
PKCS8EncodedKeySpec(decodedKeyData));
}
}

4.起动之后在浏览器上输入ip:8080/项目名

import com.sun.mail.util.BASE64DecoderStream; import
com.sun.mail.util.BASE64EncoderStream;

(本人小白,第三遍写 0.0)

自家的消除方法:把工具类里全数涉嫌到的第一方包全都找出来,作者提到的有jce.jar,local_policy.jar,rt.jar,sunjce_provider.jar,US_export_policy.jar导入到测试安顿中如图:

365bet体育在线网投 1

测试安顿

下一场在HTTP请求下边添加前置处理器BeanShell PreProcessor,

365bet体育在线网投 2

添加BeanShell PreProcessor

后来在BeanShell PreProcessor的Script中举办加密逻辑的代码编写,代码如下:


import java.io.IOException;

import java.security.InvalidKeyException;

import java.security.Key;

import java.security.KeyFactory;

import java.security.KeyPair;

import java.security.KeyPairGenerator;

import java.security.NoSuchAlgorithmException;

import java.security.PrivateKey;

import java.security.PublicKey;

import java.security.Security;

import java.security.spec.PKCS8EncodedKeySpec;

import java.security.spec.X509EncodedKeySpec;

import java.util.HashMap;

import java.util.Map;

import java.util.logging.Logger;

import javax.crypto.BadPaddingException;

import javax.crypto.Cipher;

import javax.crypto.IllegalBlockSizeException;

import javax.crypto.NoSuchPaddingException;

import com.sun.org.apache.xml.internal.security.utils.Base64;

import sun.misc.BASE64Decoder;

import sun.misc.BASE64Encoder;

//————————————————-RSA加密——————————————————-

String
mingKey=”MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyhMMmQTsZYpQX1iLM1QPWT+hD0Y/Z1wNvvxvavDLBQN9vASkjRnR8S4rlQBHAM/WbC+KC14KJcHTydYjmAIwREux20WxxbrdZZXey/BTv9MRHs2rhckYpGRaVGfpsFVDTFq2468i50xqcraYxcpPxpeohZMxKeixzMbnp/cf4UJiQJ0w0ARQyLJhgenA0hOJ3iGm8JRKxtxmZ6nA6oStV9VrtcUAm2N5F/Oiu5eMQIeWpuYkfMhplqU+/fr7Zx6hBAR/VVvsiGD/PMCYk4nKVKZ1hCCZCz+zBusonRobx+93wu0V7j11xJiC1gTUhRSa60Ox4OlQGXB0A3zxNSh4wIDAQAB”;//公钥

String
miKey=”MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/KEwyZBOxlilBfWIszVA9ZP6EPRj9nXA2+/G9q8MsFA328BKSNGdHxLiuVAEcAz9ZsL4oLXgolwdPJ1iOYAjBES7HbRbHFut1lld7L8FO/0xEezauFyRikZFpUZ+mwVUNMWrbjryLnTGpytpjFyk/Gl6iFkzEp6LHMxuen9x/hQmJAnTDQBFDIsmGB6cDSE4neIabwlErG3GZnqcDqhK1X1Wu1xQCbY3kX86K7l4xAh5am5iR8yGmWpT79+vtnHqEEBH9VW+yIYP88wJiTicpUpnWEIJkLP7MG6yidGhvH73fC7RXuPXXEmILWBNSFFJrrQ7Hg6VAZcHQDfPE1KHjAgMBAAECggEAF0CrpCWQT7XYZuL9oj2HWTCD1UopVBBmqgmTqmLOZvo5iKRDXg2J0q0XWf1V9TZf6mUZfIGrcCSO+w3qM8dyySlx60hV0Pn0wmT7VzzD4vwjJuFmEV83SdYzPgBzzzENS4GLYhHG1aTVebX3Qr56gfaPNGBKDlHl9x08ats/UzOB126jom5K2Nn2rRjc5CL2Z8/Nfd++gQBIWmfi/S86uiH55HmW9tvz8/P1+TughdAJ3b6c0dM5LRR5KAGMdmF+5DX+2wHrQO61wFCf0wCC+FwHcsKOEBWEw5IwcMcGSP1MTZsyTxAaofTF9CNTVoaUAlmFJo52IvOH9tPFwF90wQKBgQDe8DpCW9QfS3Myc8YZTj5TcdOF/HRlCkFTDztJJwFfFmr7NAPQVkSk+B0CT683Pz4RLSdxkXZ9DuZ3Wik39vIu5RFrx5ajXc3woUZpb98LTbZEh1n6oLLRx3qVMty9XnQ1jgd6cxS1ch2Us2ZjLKFi8qddALBbLvPf2NOjboXXewKBgQDbgYRnzf2xxS3fCII6cJR+qqfJVcqigLbhcNGo+HYYaPusm9p5vEAyhwuhjD85ZRh0AiadaxlBSlSzxjNDkopFRbGcB7xI9l3k05HgHr0Drm22U2a8mZ26qbh4ECvt28MgLdZfU+4OO51UszsMsvBZafHNAWkq8B9z7+okh/qeuQKBgQCJoG+2y422DBP/j2057g2X4esdCe6o+Z2+Mub8j/HOy74bec7o7HjQBsORy7N1PbuJSwDQoWYuaeZow+YyQGbeAFey27HpBF3AMS+Qo5lkFwNwZsZrbI036BeKx61x0j+XWCjRtP2RzfLo+583ljPDK92aEnTMtb2j8O0mNXK2xQKBgQDBFTyS0u/F39xpw+JJ5Z25jgPpZj3Ik9BKniLOrz+yWSaIvs9/JciSqZfhkqxKoFLSONIexoaAmBHJ0R5m4hAevx9sUKGezJfrIO/AZUl+Y4C+UL6eR8Im4AQUGKWLpTQOqkNXt0w/2NCcIMxgb0ZcYIUB/6uyyWXhZbhgSfx6gQKBgByJ1+ecDO3huojtyX+HLEQ1yTHy+4on9l29uB6ZKSXjj7nvaoypqX428sBOVUGwydVtXAbbxMSJn4NbPo97QK6CJXbLP8i4Xl5bykzBbYLyLnbkUu0J5GWeghTjS1SIKZ6mc91eAh9N6K2+EopeKpcVWEe8d0XMdJR67X4Qd8UZ”;//私钥

String threeDesKey=”ThisMy3DesKey”;

String phonenum=”17600662928″;

String password=”111111″;

Cipher cipher=Cipher.getInstance(“RSA”);

//GetPublicKey

byte[] keyBytesPu;

keyBytesPu = (new BASE64Decoder()).decodeBuffer(mingKey);

X509EncodedKeySpec keySpecPu = new X509EncodedKeySpec(keyBytesPu);

KeyFactory keyFactoryPu = KeyFactory.getInstance(“RSA”);

PublicKey publicKey = keyFactoryPu.generatePublic(keySpecPu);

//GetPrivateKey

byte[] keyBytesPv;

keyBytesPv = (new BASE64Decoder()).decodeBuffer(miKey);

PKCS8EncodedKeySpec keySpecPv = new PKCS8EncodedKeySpec(keyBytesPv);

KeyFactory keyFactoryPv = KeyFactory.getInstance(“RSA”);

PrivateKey privateKey = keyFactoryPv.generatePrivate(keySpecPv);

//公钥加密

cipher.init(Cipher.ENCRYPT_MODE, publicKey);

byte[] enBytes = cipher.doFinal(threeDesKey.getBytes());

String myKey= (new BASE64Encoder()).encode(enBytes);

//私钥解密

cipher.init(Cipher.DECRYPT_MODE, privateKey);

byte[] deBytes = cipher.doFinal((new
BASE64Decoder()).decodeBuffer(myKey));

String myKeyJ=new String(deBytes);

//————————————————-RSA加密——————————————————-

//————————————————-3DES加密——————————————————-

Cipher encryptCipher = null;

Cipher decryptCipher = null;

Security.addProvider(new com.sun.crypto.provider.SunJCE());

byte[] array=threeDesKey.getBytes();

// 创造多少个空的5个人字节数组

byte[] arrayTemp = new byte[8];

int length = array.length;

// 长度是或不是高于8

if (length > 8)  {

System.arraycopy(array, 0, arrayTemp, 0, 8);

}  else  {

System.arraycopy(array, 0, arrayTemp, 0, length);

}

// 生成密钥

Key key = new javax.crypto.spec.SecretKeySpec(arrayTemp, “DES”);

encryptCipher = Cipher.getInstance(“DES”);

encryptCipher.init(Cipher.ENCRYPT_MODE, key);

decryptCipher = Cipher.getInstance(“DES”);

decryptCipher.init(Cipher.DECRYPT_MODE, key);

//3DES加密  threeDesKey=”ThisMy3DesKey”;

String content =
“{\”telNum\”:\”17600662928\”,\”password\”:\”111111\”,”

* + “\”blackBox\”:\”63ABCFB379461777733FFB402B5A3CA5\”,”*

*  + “\”client\”:\”H5\”,\”version\”:\”3.9.0\”,”*

+ “\”decodeNum\”:\”d1ad62b5a1f9200c8a03c5df77d10910\”}”;

//String content=”111111″;

byte[] byteMi = null;

byte[] byteMing = null;

// 加密后的字符串

String strEncrypt = “”;

byteMing = content.getBytes(“UTF8”);

byteMi = encryptCipher.doFinal(byteMing);

strEncrypt = Base64.encode(byteMi);

//3DES解密

byte[] byteMingJ = null;

byte[] byteMiJ = null;

//解密后的字符串

String strMing = “”;

byteMiJ = Base64.decode(strEncrypt);

byteMingJ = decryptCipher.doFinal(byteMiJ);

strMing = new String(byteMingJ, “UTF8”);

log.info(“3DES秘钥:”+threeDesKey);

log.info(“公钥加密:”+myKey);

log.info(“私钥解密:”+myKeyJ);

log.info(“加密前的content:”+content);

log.info(“加密后的content:”+strEncrypt);

log.info(“解密后的content:”+strMing);

vars.put(“telNum”,myKey);

vars.put(“password”,strEncrypt365bet体育在线网投,);


本人代码里面分别用到了库罗德SA加密和3DES加密,vars.put()那么些方法能够对请求中的钦赐参数实行传参,且HTTP请求中的参数要开始展览引用,如图:

365bet体育在线网投 3

参数引用

处理完那么些点击运营查看结果:

365bet体育在线网投 4

参数被加密

从上海体育场地能够看出请求中的”telNum”与”password”参数已经由此加密了。

上述就是本身的开端消除方法,第一回写果然语无伦次0.0 。

宣称:亲测,是足以互通的。
扬言:本文章摘要录来源http://www.jianshu.com/p/581380445eb4
作者totzcc
iOS代码地址https://gist.github.com/lvjian700/204c23226fdffd6a505d

消除措施: 

<无详细内容>“` java import
java.io.UnsupportedEncodingException; import
java.security.InvalidKeyException; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import
java.security.PrivateKey; import java.security.PublicKey; import
java.security.SecureRandom;

  1. 利用openssl生成密钥队,谷歌时而。注意:Java供给运用pkcs8 private
    key解密。
    2.pod ‘Base64nl’, ‘~> 1.2’
    3.iOS加密
    RSAEncryptor *rsa = [[RSAEncryptor alloc] init];
    NSLog(@”encryptor using rsa”);
    NSString *publicKeyPath = [[NSBundle mainBundle]
    pathForResource:@”public_key” ofType:@”der”];
    NSLog(@”public key: %@”, publicKeyPath);
    [rsa loadPublicKeyFromFile:publicKeyPath];
    NSString *securityText = @”hello ~”;
    NSString *encryptedString = [rsa
    rsaEncryptString:securityText];
    NSLog(@”encrypted data: %@”, encryptedString);
    4.Java解密
    主导步骤:
    加载pkcs8 private key:
    读取private key文件
    去掉private key头尾的”—–BEGIN PRIVATE KEY—–“和”—–BEGIN
    PRIVATE KEY—–“
    删除private key中的换行
    对处理后的多寡开始展览Base64解码
    选拔解码后的数量变动private key.
    解密数据:
    对数码开始展览Base64解码
    使用RSA decrypt数据.

消除方法:

} “`

发表评论

电子邮件地址不会被公开。 必填项已用*标注